C

C#, More Information, Notes, Create a C# Class Library, Summary

class libraries, Notes, Create a C# Class Library, Summary

objects in COM+, More Information

callers., ASP.NET and HttpContext.User (see , )

CAPICOM objects, Options for Storing Secrets in ASP.NET

CAS., Gatekeepers and Gates (see )

case sensitivity, Choosing a SQL Account for Your Connections

Certificate authentication, ASP.NET Authentication Modes, Configure IIS Settings, Authenticating Web Browser Clients with Certificates, Authenticating Web Browser Clients with Certificates, SSL, How To: Set Up SSL on a Web Server, Submit a Certificate Request, How To: Set Up Client Certificates, How To: Use SSL to Secure Communication with SQL Server 2000, Keys and Certificates, Keys and Certificates, Keys and Certificates, Certificate Stores

browsers and, Authenticating Web Browser Clients with Certificates

certificate stores, Keys and Certificates

cryptography and, Certificate Stores

(see also )

IIS settings, Configure IIS Settings

issuing certificates, Submit a Certificate Request

keys and certificates, Keys and Certificates

setting up client certificates, How To: Set Up Client Certificates

(see also )

SSL and, How To: Set Up SSL on a Web Server, How To: Use SSL to Secure Communication with SQL Server 2000

(see also , )

troubleshooting, SSL

trusted subsystem model and, Authenticating Web Browser Clients with Certificates

Windows authentication and, ASP.NET Authentication Modes

X.509 digital certificates, Keys and Certificates

Certificate Authority certificates, Application Server to Database Server, Install the Certificate Authority’s Certificate on the Client Computer, How To: Set Up SSL on a Web Server, Requirements, Keys and Certificates

(see also , )

channel security., Secure Communication (see )

channels, .NET remoting and, .NET Remoting Security, Anatomy of a Request When Hosting in ASP.NET, Choosing a Host Process

check points., More Information (see )

classes., Gatekeepers and Gates, WindowsPrincipal and WindowsIdentity, Security for Server and Library Applications, Adding Roles to an Application, Adding Roles to an Application, Adding Roles to a Method, How To: Implement IPrincipal, Call the Managed DPAPI Class Library, Summary, Technical Choices

(see also )

adding roles to, Adding Roles to an Application

assigning roles to, Security for Server and Library Applications

creating dummy, to launch serviced component, Call the Managed DPAPI Class Library

creating remote object, Summary

cryptography, Technical Choices

interfaces., Adding Roles to an Application (see )

IPrincipal interface., How To: Implement IPrincipal (see )

methods., Adding Roles to a Method (see )

principal and identity, WindowsPrincipal and WindowsIdentity

client applications, Use Windows Groups, Configure ASP.NET Settings, Disable HTTP-GET, HTTP-POST, Accessing Network Resources, Verify that the Certificate Has Been Installed, Force All Clients to Use SSL

allowing, to choose whether to use SSL, Force All Clients to Use SSL

calling Web services from, Disable HTTP-GET, HTTP-POST

configuring, Use Windows Groups

forcing, to use SSL, Verify that the Certificate Has Been Installed

specifying credentials to remote objects, Accessing Network Resources

test, for Web services, Configure ASP.NET Settings

client certificates, Application Server to Database Server, Configure IIS Settings, Passing Credentials for Authentication to Web Services, Accessing Network Resources, Accessing Network Resources, SSL, How To: Call a Web Service Using Client Certificates from ASP.NET, Install the Certificate Authority’s Certificate on the Client Computer, How To: Set Up Client Certificates, How To: Set Up Client Certificates, Create a Simple Web Application, Create a Simple Web Application, Configure the Web Application to Require Client Certificates, Request and Install a Client Certificate

(see also , )

configuring Web application to require, Create a Simple Web Application

creating simple Web application, Create a Simple Web Application

IIS settings, Configure IIS Settings

installing, Install the Certificate Authority’s Certificate on the Client Computer

requesting and installing, Configure the Web Application to Require Client Certificates

requirements, How To: Set Up Client Certificates

SSL and, Application Server to Database Server, SSL, How To: Call a Web Service Using Client Certificates from ASP.NET

(see also )

verifying operation of, Request and Install a Client Certificate

Web services and., Accessing Network Resources (see )

Web services proxies and, Passing Credentials for Authentication to Web Services

client certificates, Web services security using, Accessing Network Resources, Authenticating Web Browser Clients with Certificates, Authenticating Web Browser Clients with Certificates, How To: Call a Web Service Using Client Certificates from ASP.NET, How To: Call a Web Service Using Client Certificates from ASP.NET, Why Use a Serviced Component?, Requirements, Requirements, Create a Simple Web Service, Create a Custom Account for Running the Serviced Component, Create a Custom Account for Running the Serviced Component, Test the Client Certificate Using a Browser, Test the Client Certificate Using a Browser, Export the Client Certificate to a File, Develop the Serviced Component Used to Call the Web Service, Configure and Install the Serviced Component

authenticating browser clients, Authenticating Web Browser Clients with Certificates

configuring and installing serviced component, Develop the Serviced Component Used to Call the Web Service

configuring Web services virtual directory to require client certificates, Create a Simple Web Service

creating custom account for serviced component, Create a Custom Account for Running the Serviced Component

creating simple Web services, Requirements

creating Web application to call serviced component, Configure and Install the Serviced Component

developing serviced component to call Web services, Export the Client Certificate to a File

exporting client certificate to file, Test the Client Certificate Using a Browser

requesting client certificate for custom account, Create a Custom Account for Running the Serviced Component

requirements, Requirements

testing client certificate using browser, Test the Client Certificate Using a Browser

user profiles and, Why Use a Serviced Component?

using serviced component, How To: Call a Web Service Using Client Certificates from ASP.NET

using trusted subsystem model, Authenticating Web Browser Clients with Certificates

client-side proxies, .NET remoting, Configuring the Web Server, Configuring the Web Server, Configuring the Web Server

clients., The Foundations (see , )

cloaking, Impersonation

CoCopyProxy, Configuring Interface Proxies

Code Access Security (CAS), Gatekeepers and Gates, Gatekeepers and Gates, Evidence and Security Policy, Security for Server and Library Applications

Enterprise Services and, Security for Server and Library Applications

evidence and security policies, Gatekeepers and Gates

Web applications and, Evidence and Security Policy

CoImpersonateClient, Accessing Network Resources, Using the Current Process Identity, Flowing the Original Caller, Authentication Level Negotiation

COM objects, Accessing the Registry, Options for Storing Secrets in ASP.NET, Accessing Network Resources, Determining Identity in a Web service

accessing, Accessing the Registry, Accessing Network Resources

cryptography and, Options for Storing Secrets in ASP.NET

determining identity in Visual Basic 6, Determining Identity in a Web service

COM+, The Foundations, More Information, Options for Storing Secrets in ASP.NET, Enterprise Services Security, Development Time vs. Deployment Time Configuration, Using Custom Text Files

C# and VB .NET objects in, More Information

catalog., Development Time vs. Deployment Time Configuration (see )

constructor strings for storing secrets, Options for Storing Secrets in ASP.NET, Using Custom Text Files

roles., The Foundations (see )

services, Enterprise Services Security

(see also )

COM+ catalog, More Information, Development Time vs. Deployment Time Configuration, Security Concepts, Using Custom Text Files

configuration settings, Development Time vs. Deployment Time Configuration, Security Concepts

Enterprise Services authorization and, More Information

storing connection strings in, Using Custom Text Files

COM, distributed., Development Time vs. Deployment Time Configuration (see )

communication, secure., Secure Communication (see )

Component Services tool, More Information, Enterprise Services (COM+) Roles, Using IPSec, Gatekeepers and Gates, Development Time vs. Deployment Time Configuration, Use Windows Groups, Security Concepts, Using Custom Text Files, Build the Assembly and Add it to the Global Assembly Cache

assigning Windows accounts to roles, Use Windows Groups

configuring security, Development Time vs. Deployment Time Configuration, Security Concepts

examining configured applications, Build the Assembly and Add it to the Global Assembly Cache

preventing COM+ catalog access, Using Custom Text Files

role membership, More Information, Enterprise Services (COM+) Roles

server settings, Using IPSec, Gatekeepers and Gates

components, Design Principles, Using the ASP.NET Process Identity, Development Time vs. Deployment Time Configuration, Adding Roles to an Application

adding roles to, Adding Roles to an Application

authorization, Development Time vs. Deployment Time Configuration

disabling, Design Principles

serviced., Using the ASP.NET Process Identity (see )

confidentiality, Authorization, Secure Communication, Using Multiple Database Roles, How To: Call a Web Service Using SSL, How To: Use IPSec to Provide Secure Communication Between Two Servers, Certificate Stores

configurable security., Intranet Security, Windows Authentication with Impersonation, When to Use, Configurable Security, Configure IIS Settings, More Information, More Information, When to Use, When to Use, ASP.NET and the HTTP Channel, Using DefaultCredentials

(see also , )

.NET remoting, ASP.NET and the HTTP Channel, Using DefaultCredentials

ASP.NET, Configure IIS Settings

Forms authentication, Configurable Security

Web services, More Information, When to Use

Windows authentication with impersonation, Windows Authentication with Impersonation, More Information

Windows authentication without impersonation, When to Use, When to Use

configuration scenarios, Secure the Scenario, The Result, The Result, The Result, ASP.NET to SQL Server, Using Integrated Windows Authentication at the Web Server, Security Configuration Steps, The Result, The Result, The Result, How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services, Notes, Base Configuration

base software, Base Configuration

Enterprise Services and DPAPI, How To: Use DPAPI (User Store) from ASP.NET with Enterprise Services

extranet, Security Configuration Steps, The Result

(see also )

Internet, The Result, The Result

(see also )

intranet, Secure the Scenario, The Result, The Result, The Result, ASP.NET to SQL Server, Using Integrated Windows Authentication at the Web Server

(see also )

IPSec, Notes

configuration stores and tools, Configuration Stores and Tools, Configuration Stores and Tools, Configuration Stores and Tools, Configuration Stores and Tools, Configuration Stores and Tools, Configuration Stores and Tools, Configuration Stores and Tools

.NET remoting, Configuration Stores and Tools

ASP.NET, Configuration Stores and Tools

Enterprise Services, Configuration Stores and Tools

IIS, Configuration Stores and Tools

SQL Server, Configuration Stores and Tools

Web services, Configuration Stores and Tools

configuration, Enterprise Services security, Enterprise Services (COM+) Roles, Configuring Security, Configuring Security, Use Windows Groups, Configure Authentication, Calling Serviced Components from ASP.NET, Calling Serviced Components from ASP.NET, Configuring Interface Proxies, Create a Windows Account to Run the Enterprise Services Application and Windows Service, Develop the Serviced Component Used to Call the Web Service

client applications, Use Windows Groups

Enterprise Services (COM+) roles, Enterprise Services (COM+) Roles

impersonation levels, Configure Authentication

interface proxies, Calling Serviced Components from ASP.NET

security blanket settings, Configuring Interface Proxies

server applications, Configuring Security

serviced components, Create a Windows Account to Run the Enterprise Services Application and Windows Service, Develop the Serviced Component Used to Call the Web Service

Windows authentication and impersonation, Calling Serviced Components from ASP.NET

configuration., The Foundations, Design Principles, Using RPC Encryption, Intranet Security, Intranet Security, Intranet Security, Security Configuration Steps, Security Configuration Steps, The Result, Security Configuration Steps, Security Configuration Steps, Security Configuration Steps, The Result, The Result, The Result, Configurable Security, Programmatic Security, Configure IIS Settings, URL Authorization Examples, Secure Resources, Preventing Files from Being Downloaded, Development Steps for Forms Authentication, Passport Authentication, Passport Authentication, Development Time vs. Deployment Time Configuration, Configuring Security, Proxy Server Authentication, Flowing the Original Caller, Choosing a Host, Implementing Mirrored ASPNET Process Identity, Implementing Mirrored ASPNET Process Identity, Check Identity, Enable Tracing, Configure the Web Application for Forms Authentication, Create a Web Application with a Logon Page, Create a Web Application with a Logon Page, Create a Simple Web Application, Create a Simple Web Service, Summary, Install the Certificate on the Web Server, Create a Simple Web Application, How To: Use IPSec to Provide Secure Communication Between Two Servers, Verify that the Certificate Has Been Installed, Base Configuration, Configuration Stores and Tools

(see also , )

.NET remoting security, Flowing the Original Caller, Choosing a Host

ASPNET account, Intranet Security

(see also )

authentication level, Using RPC Encryption

data, The Foundations

default settings, Design Principles, Implementing Mirrored ASPNET Process Identity

deployment time vs. development time, Development Time vs. Deployment Time Configuration

Enterprise Services security., Intranet Security (see )

extranet scenarios, Security Configuration Steps, The Result

files., Passport Authentication (see , , )

Forms authentication, Configurable Security, Development Steps for Forms Authentication, Configure the Web Application for Forms Authentication, Create a Web Application with a Logon Page, Create a Web Application with a Logon Page, Create a Simple Web Application

IIS security, Configure IIS Settings

Internet scenarios, The Result, The Result

intranet scenarios, Security Configuration Steps, Security Configuration Steps, The Result, Security Configuration Steps, Security Configuration Steps

IPSec, How To: Use IPSec to Provide Secure Communication Between Two Servers

locking, Secure Resources

Passport authentication, Passport Authentication

requiring client certificates, Create a Simple Web Application

resetting ASP.NET default, Implementing Mirrored ASPNET Process Identity

resources to require SSL access, Install the Certificate on the Web Server

scenarios., Base Configuration (see )

secure communication, Preventing Files from Being Downloaded

secure resource, URL Authorization Examples

SSL, Verify that the Certificate Has Been Installed

stores and tools., Configuration Stores and Tools (see )

troubleshooting ASP.NET, Enable Tracing

troubleshooting authorization, Check Identity

Web application security, Programmatic Security

Web services security, Configuring Security, Proxy Server Authentication, Create a Simple Web Service, Summary

connected landscape, Introduction

connection pooling, Disadvantages of the Impersonation / Delegation Model

connection strings, Storing Secrets, Securing SQL Session State, Introducing Data Access Security, Connection String Types, Choosing a SQL Account for Your Connections, Storing Database Connection Strings Securely, Storing Database Connection Strings Securely, Using DPAPI Directly from ASP.NET, Using DPAPI Directly from ASP.NET, Using Custom Text Files, Using Custom Text Files, Using Custom Text Files, Modify the Web Application to Read an Encrypted Connection String from Web.Config, Write a Web Application to Test the Encryption and Decryption Routines, How To: Store an Encrypted Connection String in the Registry

reading encrypted, from Web.config file, Modify the Web Application to Read an Encrypted Connection String from Web.Config, Write a Web Application to Test the Encryption and Decryption Routines

secure storage of, Introducing Data Access Security, Storing Database Connection Strings Securely

securing, Securing SQL Session State, Choosing a SQL Account for Your Connections

SQL authentication and, Storing Secrets, Connection String Types

storing encrypted, in registry, Using Custom Text Files, How To: Store an Encrypted Connection String in the Registry

storing encrypted, with DPAPI, Storing Database Connection Strings Securely

storing, in COM+ catalog, Using Custom Text Files

storing, in configuration files, Using DPAPI Directly from ASP.NET

storing, in custom text files, Using Custom Text Files

storing, in UDL files, Using DPAPI Directly from ASP.NET

connectiongroupname property, Using the ConnectionGroupName Property, Request a Specific Authentication Type

console applications, Hosting in a Windows Service, Create a Console Test Application, Create a Test Client Application

creating, to test encryption library, Create a Console Test Application

creating, to test remote object hosting, Create a Test Client Application

remote object hosting in, Hosting in a Windows Service

contexts, security, Design Principles, Evidence and Security Policy, ASP.NET and HttpContext.User, ASP.NET and HttpContext.User, Disadvantages of the Trusted Subsystem Model, Checking Role Membership, Hosting in a Windows Service, ASP.NET Identity Matrix

ASP.NET., ASP.NET and HttpContext.User (see )

delegating, Design Principles

(see also )

flowing., Disadvantages of the Trusted Subsystem Model (see )

WindowsThread.CurrentPrincipal property, Evidence and Security Policy, ASP.NET and HttpContext.User, Checking Role Membership, Hosting in a Windows Service, ASP.NET Identity Matrix

ContextUtil class, Programmatic Security

cookie replay attacks, Authorize the User Based on User Name or Role Membership

cookies, ASP.NET Authentication Modes, Forms Authentication, Retrieve a Role List from the Custom Data Store, Forms Implementation Guidelines, Securing Session and View State, Using Forms Authentication, Develop LDAP Group Retrieval Code to Look Up the User’s Group Membership, Create a Web Application with a Logon Page, Generate an Authentication Ticket for Authenticated Users

cookieless Forms authentication, Forms Implementation Guidelines

Forms authentication tickets, ASP.NET Authentication Modes, Forms Authentication, Retrieve a Role List from the Custom Data Store, Develop LDAP Group Retrieval Code to Look Up the User’s Group Membership, Create a Web Application with a Logon Page, Generate an Authentication Ticket for Authenticated Users

securing, Securing Session and View State

troubleshooting, Using Forms Authentication

CoQueryProxyBlanket, Configuring Interface Proxies

CoRevertToSelf, Flowing the Original Caller, Impersonation

corporate network extranet connectivity, Pitfalls

CoSetProxyBlanket, Configuring Interface Proxies

credentials., Authorization, Authentication, Role Checking Examples, Intranet Security, An Authorization Pattern, Development Steps for Forms Authentication, Using the Default ASPNET Account, The <processModel> Element, Storing Secrets, Disable HTTP-GET, HTTP-POST, Using Specific Credentials, Flowing the Original Caller, Forms Authentication, Accessing Network Resources, Using DefaultCredentials, Flowing the Original Caller, Configuring the Remote Application Server, Introducing Data Access Security, Choosing a SQL Account for Your Connections, Using the COM+ Catalog, .NET Remoting

(see also , )

data access, Introducing Data Access Security

(see also )

default, with Kerberos delegation, Flowing the Original Caller, Flowing the Original Caller

encrypting, Intranet Security

explicit, with Basic or Forms authentication, Forms Authentication, Configuring the Remote Application Server

in Machine.config file, Using the Default ASPNET Account

logon, Authorization

passing, over networks, Choosing a SQL Account for Your Connections

passing, to remote objects, Accessing Network Resources

passing, to Web services, Disable HTTP-GET, HTTP-POST

retrieving and validating, An Authorization Pattern, Development Steps for Forms Authentication

secret, Storing Secrets

specific, The <processModel> Element, Using Specific Credentials, Using DefaultCredentials

storing, Role Checking Examples

troubleshooting .NET remoting, .NET Remoting

validating, against database stores, Using the COM+ Catalog

Crypto API, Options for Storing Secrets in ASP.NET, How To: Create a DPAPI Library

cryptography, Authentication, Options for Storing Secrets in ASP.NET, Using the COM+ Catalog, Keys and Certificates, Keys and Certificates, Keys and Certificates, Keys and Certificates, Certificate Stores, Technical Choices, Symmetric Algorithm Support, Symmetric Algorithm Support, Asymmetric Algorithm Support

(see also , )

.NET Framework support, Options for Storing Secrets in ASP.NET, Technical Choices

asymmetric algorithm support, Symmetric Algorithm Support

certificate stores, Keys and Certificates

certificates and keys, Keys and Certificates

(see also )

hashing alogorithm support, Asymmetric Algorithm Support

Integrated Windows authentication and, Authentication

password hashes with salt values, Using the COM+ Catalog

symmetric algorithm support, Symmetric Algorithm Support

technical choices, Certificate Stores

X.509 digital certificates, Keys and Certificates

CryptProtectData and CryptUnprotectData, Storing Database Connection Strings Securely, How To: Create a DPAPI Library

custom accounts., Custom Authentication (see )

custom authentication, ASP.NET Authentication Modes, More Information, Custom Authentication, Hosting in a Windows Service, Advantages

custom channels, Transport Channel Sinks

custom HTTP modules and HTTP handlers, Implementing a Custom HTTP Module

custom identities, Choose the Identities Used for Resource Access

custom sinks, Transport Channel Sinks

custom text files, storing connection strings in, Using Custom Text Files